Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/NfhS1JBNytpx9y28-dAXnqeL3n0.roa
File:                     NfhS1JBNytpx9y28-dAXnqeL3n0.roa (raw, json)
Hash identifier:          OjLMpcKHJxrE2OGYBQtxtLgAhsLqM/e6CVZHRP/7Gyw=
Subject key identifier:   35:F8:52:D4:90:4D:CA:DA:71:F7:2D:BC:F9:D0:17:9E:A7:8B:DE:7D
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       018CC86F0BE888767E395423F1B06B9B8A77
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/NfhS1JBNytpx9y28-dAXnqeL3n0.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        185.82.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0b:e8:88:76:7e:39:54:23:f1:b0:6b:9b:8a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35f852d4904dcada71f72dbcf9d0179ea78bde7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:48:aa:fd:36:de:7b:7b:c1:3a:7c:7c:2f:da:
                    2a:c6:c6:19:f9:25:02:2e:a7:79:13:f3:69:eb:23:
                    bc:50:a3:bb:6f:1f:4c:ca:01:ba:f5:b2:9f:20:4f:
                    fd:e1:50:22:7e:a3:46:e7:2c:bc:f7:bd:3e:d1:fb:
                    68:3b:60:d5:01:e1:ad:6f:7c:97:3a:f3:be:fc:c2:
                    c0:f9:5e:3d:51:17:2d:c7:6d:6c:98:fb:a0:a4:64:
                    24:e1:61:06:05:0c:7e:7c:8f:87:63:a1:c9:c6:d6:
                    92:ed:cc:48:2a:8b:e4:b0:b7:25:9c:19:0a:98:08:
                    a2:94:2b:8b:37:f6:f9:e0:0b:7a:de:e2:4e:34:4d:
                    fe:38:22:08:b9:2b:ae:1a:99:75:cc:b4:6c:b1:77:
                    72:3b:71:03:3d:8b:92:78:83:6b:00:56:18:94:88:
                    50:1d:fe:7a:a0:63:ad:ad:07:fd:c5:98:24:b1:e6:
                    c6:95:56:0c:0c:52:42:fa:a2:d5:28:9e:f8:12:fc:
                    ec:67:1d:f6:1a:87:4a:75:f5:fc:d9:56:f9:b1:42:
                    3a:cd:54:d5:81:f6:73:18:a1:bf:bd:17:12:28:15:
                    47:94:ac:c2:c8:9b:8b:16:d1:9b:6d:5b:d4:7f:85:
                    df:88:83:f0:a7:37:d9:fa:33:8c:43:61:27:ec:17:
                    7e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F8:52:D4:90:4D:CA:DA:71:F7:2D:BC:F9:D0:17:9E:A7:8B:DE:7D
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/NfhS1JBNytpx9y28-dAXnqeL3n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:27:b2:14:68:b4:d1:02:0e:7a:3f:42:de:93:a0:96:5e:83:
         78:6d:d4:36:89:76:d1:54:7f:e8:b0:32:bc:6a:81:56:7a:32:
         7a:04:c7:b0:82:bd:98:be:cb:7b:19:7a:f9:bf:07:cc:f0:63:
         c7:e0:c9:d7:45:92:75:cc:89:d7:c3:c9:1c:27:b8:5d:8d:24:
         e8:23:4c:61:5e:92:d7:70:c9:48:b6:f4:95:b1:b5:9a:73:7f:
         22:e4:af:d4:b6:3a:8f:7a:ec:d0:25:5d:a4:c1:ee:b4:d5:c6:
         d2:59:fd:02:00:cc:99:c0:6b:ec:42:42:89:78:40:b6:25:ec:
         b4:82:2a:ff:28:06:73:5f:3b:dc:6b:ca:df:a3:c9:48:0d:60:
         95:d1:ab:12:7d:19:58:bf:71:0e:db:35:1b:bc:7b:03:f7:e3:
         5a:10:93:85:25:4c:81:f9:0a:8d:5c:c4:0c:d3:de:36:8d:a0:
         05:59:ee:82:b0:7e:08:7f:ce:ad:ed:9d:44:a5:bc:a7:89:6a:
         5d:f2:ce:37:b2:e7:d3:53:75:c5:2d:fc:5c:74:05:59:32:9f:
         e4:ff:48:20:ec:22:70:a7:f7:9d:50:e8:6c:45:cb:79:c8:19:
         05:a1:72:28:09:c4:41:63:14:04:d3:21:24:f7:cf:ce:d0:2a:
         ff:16:c5:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwvoiHZ+OVQj8bBrm4p3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWY4NTJkNDkwNGRjYWRhNzFmNzJkYmNmOWQwMTc5ZWE3OGJkZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykiq/Tbee3vBOnx8L9oqxsYZ+SUC
Lqd5E/Np6yO8UKO7bx9MygG69bKfIE/94VAifqNG5yy8970+0ftoO2DVAeGtb3yX
OvO+/MLA+V49URctx21smPugpGQk4WEGBQx+fI+HY6HJxtaS7cxIKovksLclnBkK
mAiilCuLN/b54At63uJONE3+OCIIuSuuGpl1zLRssXdyO3EDPYuSeINrAFYYlIhQ
Hf56oGOtrQf9xZgksebGlVYMDFJC+qLVKJ74EvzsZx32GodKdfX82Vb5sUI6zVTV
gfZzGKG/vRcSKBVHlKzCyJuLFtGbbVvUf4XfiIPwpzfZ+jOMQ2En7Bd+SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDX4UtSQTcracfctvPnQF56ni959MB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvTmZoUzFKQk55dHB4OXkyOC1kQVhucWVMM24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVJYMA0G
CSqGSIb3DQEBCwUAA4IBAQBeJ7IUaLTRAg56P0Lek6CWXoN4bdQ2iXbRVH/osDK8
aoFWejJ6BMewgr2Yvst7GXr5vwfM8GPH4MnXRZJ1zInXw8kcJ7hdjSToI0xhXpLX
cMlItvSVsbWac38i5K/UtjqPeuzQJV2kwe601cbSWf0CAMyZwGvsQkKJeEC2Jey0
gir/KAZzXzvca8rfo8lIDWCV0asSfRlYv3EO2zUbvHsD9+NaEJOFJUyB+QqNXMQM
0942jaAFWe6CsH4If86t7Z1EpbyniWpd8s43sufTU3XFLfxcdAVZMp/k/0gg7CJw
p/edUOhsRct5yBkFoXIoCcRBYxQE0yEk98/O0Cr/FsWZ
-----END CERTIFICATE-----